Update cinder.conf

This is mostly just a sanity check, we're revmoving
this whole check from the gate, but we've had
conflicting versions of the truth here and I'm trying
to figure out why.

This patch is a fresh run of generate_sample, which differs
from https://review.openstack.org/#/c/96784/

Change-Id: Ia2d6ca01beb1d2c42084100990129dadbb32b22c

diff --git a/etc/cinder/cinder.conf.sample b/etc/cinder/cinder.conf.sample
index 11603c73a675a6c621c7529bb8c99b61934f9ae7..9204aa797bc10ebaf3e1d13d5f7007c681483ddd 100644 (file)
--- a/etc/cinder/cinder.conf.sample
+++ b/etc/cinder/cinder.conf.sample
@@ -2016,7 +2016,7 @@
 #auth_uri=<None>
 
 # Complete admin Identity API endpoint. This should specify
-# the unversioned root endpoint eg. https://localhost:35357/
+# the unversioned root endpoint e.g. https://localhost:35357/
 # (string value)
 #identity_uri=<None>
 
@@ -2037,9 +2037,12 @@
 # with Identity API Server. (integer value)
 #http_request_max_retries=3
 
-# Single shared secret with the Keystone configuration used
-# for bootstrapping a Keystone installation, or otherwise
-# bypassing the normal authentication process. (string value)
+# This option is deprecated and may be removed in a future
+# release. Single shared secret with the Keystone
+# configuration used for bootstrapping a Keystone
+# installation, or otherwise bypassing the normal
+# authentication process. This option should not be used, use
+# `admin_user` and `admin_password` instead. (string value)
 #admin_token=<None>
 
 # Keystone account username (string value)
@@ -2091,7 +2094,7 @@
 # number of revocation events combined with a low cache
 # duration may significantly reduce performance. (integer
 # value)
-#revocation_cache_time=300
+#revocation_cache_time=10
 
 # (optional) if defined, indicate whether token data should be
 # authenticated or authenticated and encrypted. Acceptable
@@ -2124,6 +2127,23 @@
 # value)
 #enforce_token_bind=permissive
 
+# If true, the revocation list will be checked for cached
+# tokens. This requires that PKI tokens are configured on the
+# Keystone server. (boolean value)
+#check_revocations_for_cached=false
+
+# Hash algorithms to use for hashing PKI tokens. This may be a
+# single algorithm or multiple. The algorithms are those
+# supported by Python standard hashlib.new(). The hashes will
+# be tried in the order given, so put the preferred one first
+# for performance. The result of the first hash will be stored
+# in the cache. This will typically be set to multiple values
+# only while migrating from a less secure algorithm to a more
+# secure one. Once all the old tokens are expired this option
+# should be set to a single value for better performance.
+# (list value)
+#hash_algorithms=md5
+
 
 [matchmaker_ring]